I am looking for either a hardware or software monitoring/preventive solution, so that some users in a small company (Windows domain) cannot upload any files to the Internet, or at least so that such files would be tested for forbidden file extensions.

To be more specific, I can say that some designers in our company work locally on CAD files and share them over the LAN (Windows domain controlled by w2k3 & w2k servers).
Since all of them have Internet access, I am looking for some security tool that would block them from uploading such files to the Internet due to the security measures of our company (all such files need to stay inside the company). Still, they would need access to such files locally and over the LAN.

kostyanj wrote: A simple firewall like ZoneAlarm Pro can be programmed to do that.

Well, I looked through ZA Pro 4.5 and all I can find is inbound attachment filtering and outbound security features (e.g. too many emails sent at once, too many recipients and sender's (!?) address exclusion list).

I am looking for outbound attachment filtering.
Can you be more specific which personal firewall software I should focus my efforts on?

It's been a while since I've done anything like this. Assuming you have all the users on the domain, you can set up a domain policy to restrict access to the internet (certain websites, certain times).

However, besides filtering outbound email attachments, there is also another issue, somehow linked to it but not directly.

Since almost everyone in the company uses the Internet, all users can access either webmail or some other file storage service that could allow them to smuggle some potentially important information out of the company.
I think that creating a GPO blacklisting only the most popular webmail services, e.g. Yahoo, Hotmail, Gmail, etc., is not an issue here, because there will always be some other webmail service (e.g. in another country) that Internet users can access.

The main question would be whether there is ANY way to prevent Windows domain users from even clicking IE buttons like Browse, File Upload, Attach file, etc.
I think only the above would successfully patch the security hole, but is it possible... and how? Perhaps there is some preferences/policy setting that could do the trick...
Waiting for news from you guys.